BGP Community Support on Avi Vantage
Introduction
A BGP community is extra information that advertised routes can be tagged with, allowing the router on the other end or a BGP peer to better classify and handle routes that share a common property. The community value is a 32-bit field divided into two sub-fields. The first 2 bytes encode the AS number of the network that originated the community, and the last 2 bytes carry a unique number assigned by the AS. Communities add power to BGP, changing it from a routing protocol to a tool for signaling and policy enforcement.
Note: This feature is not supported for IPv6.
Use Cases
- BGP community is useful when there are common requirements for a range of IP addresses or a network.
- It provides a better understanding of the network topology and routing policy requirement.
- It makes scalability, operation and troubleshooting of a network easier.
For more information on BGP community, refer to An Application of the BGP Community Attribute.
Recommended Reading
BGP Support for Scaling Virtual Services
How It Works on Avi Vantage
Avi Vantage supports a new ip_community option in the BGP configuration. This enables a user to conveniently tag a virtual IP address (VIP) or a back-end server IP address advertised from an Avi Service Engine with appropriate communities. Tagging allows BGP peers to handle BGP routes with discretion.
Configuration
Log in to the Avi Controller command line interface (CLI) and follow the steps below to configure a BGP community for all routes advertised to a BGP peer.
[admin:controller]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field | Value |
+----------------+-------------------------------------------------+
| uuid | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name | global |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile>
cancel Exit the current submode without saving
community Community string either in aa:nn format where aa, nn is within [1,65535] or local-AS|no-advertise|no-export|internet.
do Execute a show command
hold_time Hold time for Peers
ibgp BGP peer type
ip_communities (submode)
keepalive_interval Keepalive interval for Peers
local_as Local Autonomous System ID
new (Editor Mode) Create new object in editor mode
no Remove field
peers (submode)
save Save and exit the current submode
send_community Send community attribute to all peers.
show_schema show object schema
watch Watch a given show command
where Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile>
[admin:controller]: vrfcontext:bgp_profile> community internet
[admin:controller]: vrfcontext:bgp_profile> community 10:10
[admin:controller]: vrfcontext:bgp_profile> community 65000:20
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+---------------------------+-----------------------------------------------------------------------+
| Field | Value |
+---------------------------+-----------------------------------------------------------------------+
| uuid | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name | global |
| bgp_profile | |
| local_as | 65000 |
| ibgp | True |
| keepalive_interval. | 60 |
| hold_time | 180 |
| send_community | True |
| community[1] | internet |
| community[2] | 10:10 |
| community[3] | 65000:20 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+---------------------------+-----------------------------------------------------------------------+
Follow the steps below to delete one of the configured communities.
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no community 10:10
Removed community 10:10
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field | Value |
+----------------------------+-------------------------------------------------+
| uuid | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name | global |
| bgp_profile | |
| local_as | 65000 |
| ibgp | True |
| peers[1] | |
| remote_as | 1 |
| | |
| send_community | True |
| community[1] | internet |
| community[2] | 65000:20 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------------------+-------------------------------------------------+
Steps to configure a BGP community specific to routes belonging to an IP range.
The example below tags routes with a community that applies only to a specific IP range.
This IP-specific community overrides the default community in bgp_profile that applies to all routes.
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> ip_communities
New object being created
[admin:controller]: vrfcontext:bgp_profile:ip_communities>
cancel Exit the current submode without saving
community Community string either in aa:nn format where aa, nn is within [1,65535] or local-AS|no-advertise|no-export|internet.
do Execute a show command
ip_begin Beginning of IP address range.
ip_end End of IP address range. Optional if ip_begin is the only ip address in specified ip range.
no Remove field
save Save and exit the current submode
show_schema show object schema
watch Watch a given show command
where Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_begin 10.70.163.100
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_end 10.70.163.200
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 200:200
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 100:100
[admin:controller]: vrfcontext:bgp_profile:ip_communities> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field | Value |
+----------------------------+-------------------------------------------------+
| uuid | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name | global |
| bgp_profile | |
| local_as | 65000 |
| ibgp | True |
| peers[1] | |
| remote_as | 1 |
| | |
| hold_time | 180 |
| send_community | False |
| community[1] | internet |
| community[2] | 65000:20 |
| ip_communities[1] | |
| ip_begin | 10.70.163.100 |
| ip_end | 10.70.163.200 |
| community[1] | 200:200 |
| community[2] | 100:100 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------------------+-------------------------------------------------+
Follow the steps below to configure a BGP community for a single IP address (for example, a VIP address) that is advertised to a BGP peer.
When configuring a community for a single IP address, ip_end is optional.
The user can, however, configure both ip_begin and ip_end to the same IP address without any issue.
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> ip_communities
New object being created
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_begin 10.70.164.150
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 150:150
[admin:controller]: vrfcontext:bgp_profile:ip_communities> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field | Value |
+----------------------------+-------------------------------------------------+
| uuid | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name | global |
| bgp_profile | |
| local_as | 65000 |
| ibgp | True |
| peers[1] | |
| | |
| hold_time | 180 |
| send_community | True |
| community[1] | internet |
| community[2] | 65000:20 |
| ip_communities[1] | |
| ip_begin | 10.70.163.100 |
| ip_end | 10.70.163.200 |
| community[1] | 200:200 |
| community[2] | 100:100 |
| ip_communities[2] | |
| ip_begin | 10.70.164.150 |
| community[1] | 150:150 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------------------+-------------------------------------------------+
Follow the below CLI commands to stop tagging BGP advertised routes with the community.
This command stops tagging routes with community while preserving the configuration.
The user can enable tagging at a later time if required.
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no send_community
+--------------------------+----------------+
| Field | Value |
+--------------------------+----------------+
| local_as | 65000 |
| ibgp | True |
| peers[1] | |
| remote_as | 1 |
| | |
| hold_time | 180 |
| send_community | False |
| community[1] | internet |
| community[2] | 65000:20 |
| ip_communities[1] | |
| ip_begin | 10.70.163.100 |
| ip_end | 10.70.163.200 |
| community[1] | 200:200 |
| community[2] | 100:100 |
| ip_communities[2] | |
| ip_begin | 10.70.164.150 |
| community[1] | 150:150 |
+--------------------------+----------------+
[admin:controller]: vrfcontext:bgp_profile> save
Follow the below Avi CLI commands to delete the configured ip_communities.
| send_community | False |
| community[1] | local-AS |
| community[2] | no-export |
| ip_communities[1] | |
| ip_begin | 10.70.163.100 |
| ip_end | 10.70.163.200 |
| community[1] | 200:200 |
| community[2] | 100:100 |
| ip_communities[2] | |
| ip_begin | 10.70.164.150 |
| community[1] | 150:150 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------------------+-------------------------------------------------+
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no ip_communities index 1
Removed ip_communities with index 1
+--------------------------+----------------+
| Field | Value |
+--------------------------+----------------+
| local_as | 65000 |
| ibgp | True |
| peers[1] | |
| remote_as | 1 |
| | |
| hold_time | 180 |
| send_community | False |
| community[1] | internet |
| community[2] | 65000:20 |
| ip_communities[1] | |
| ip_begin | 10.70.164.150 |
| community[1] | 150:150 |
+--------------------------+----------------+
Follow the below steps to enable the community tags for the BGP-advertised routes.
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> send_community
Overwriting the previously entered value for send_community
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field | Value |
+----------------------------+-------------------------------------------------+
| uuid | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name | global |
| bgp_profile | |
| local_as | 65000 |
| ibgp | True |
| peers[1] | |
| remote_as | 1 |
| peer_ip | 10.70.163.23 |
| subnet | 10.70.163.0/24 |
| md5_secret | sensitive |
| bfd | True |
| advertise_vip | True |
| advertise_snat_ip | True |
| advertisement_interval | 5 |
| connect_timer | 10 |
| keepalive_interval | 60 |
| hold_time | 180 |
| ebgp_multihop | 0 |
| peers[2] | |
| remote_as | 1 |
| peer_ip | 10.70.164.21 |
| subnet | 10.70.164.0/24 |
| md5_secret | sensitive |
| bfd | True |
| advertise_vip | True |
| advertise_snat_ip | True |
| advertisement_interval | 5 |
| connect_timer | 10 |
| keepalive_interval | 60 |
| hold_time | 180 |
| ebgp_multihop | 0 |
| keepalive_interval | 60 |
| hold_time | 180 |
| send_community | True |
| community[1] | internet |
| community[2] | 65000:20 |
| ip_communities[1] | |
| ip_begin | 10.70.164.150 |
| community[1] | 150:150 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------------------+-------------------------------------------------+
Beginning with Avi Vantage 17.1.2, it is possible to tag routes advertised to a BGP peer with a standard community. Avi Vantage 17.1.2 supports tagging of routes in the BGP submode only. It does not support tagging of communities on a per-route basis.
[admin:controller]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field | Value |
+----------------+-------------------------------------------------+
| uuid | vrfcontext-3cc726d3-d94a-4eb0-9c70-f70d7e1b185e |
| name | global |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile>
cancel Exit the current submode without saving
community List of community attributes. Valid values are "internet", "local-AS", "no-advertise", "no-export". Community can also be specified in AS:Val format where AS,Val are in the range [1,65535].
do Execute a show command
hold_time Hold time for Peers
ibgp BGP peer type
keepalive_interval Keepalive interval for Peers
local_as Local Autonomous System ID
new (Editor Mode) Create new object in editor mode
no Remove field
peers (submode)
save Save and exit the current submode
send_community Send community attribute to all peers(True by default)
show_schema show object schema
watch Watch a given show command
where Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile> community internet
[admin:controller]: vrfcontext:bgp_profile> community 10:10
[admin:controller]: vrfcontext:bgp_profile> community 65000:20
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+---------------------------+-----------------------------------------------------------------------+
| Field | Value |
+---------------------------+-----------------------------------------------------------------------+
| uuid | vrfcontext-3cc726d3-d94a-4eb0-9c70-f70d7e1b185e |
| name | global |
| bgp_profile | |
| local_as | 65000 |
| ibgp | True |
| keepalive_interval. | 60 |
| hold_time | 180 |
| send_community | True |
| community[1] | internet |
| community[2] | 10:10 |
| community[3] | 65000:20 |
| system_default | True |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+---------------------------+-----------------------------------------------------------------------+